Hello fellow security professionals, coders, administrators, webmasters and general hackers of technological nature.
I’d like to introduce the company and its flagship project/product, so, hello from Ecsypno and the SCNR (just a code name, pronounced “scanner”) web application security scanner.
Also, hello from me as well, I’m Anastasios Laskos and I’m the founder, CEO and R&D Director of Ecsypno Single Member P.C., but you can call me Tasos (short for Anastasios).
This is the start of a very challenging and interesting journey and so on and so forth and more boilerplate start-up introductive pseudo-sentimental and inspirational blobery.
To make it short, we’re building a lot of cool tech to support our products and pretty much all of it is released under F/OSS licenses or close enough — FYI, our F/OSS projects live under the Qadron organisation so keep a close eye on it for new amazing tech.
Some of our newest projects are:
- SCNR — a magnificent WebApp security scanner that’s, hopefully, going to blow your mind.
- Cuboid — an application-centric decentralized distributed framework in Ruby.
- DSel — a DSL/API generator and runner written in Ruby.
There are of course more projects to come, so stay tuned — a really nice, easy to use and insightful Ruby profiler is probably next to become F/OSS as well.
SCNR
SCNR is a modular, distributed, high-performance DAST web application security scanner framework, capable of analyzing the behavior and security of modern web applications and web APIs.
It is inspired by, and built on, more than a decade of experience gathered during the development of Arachni and is eventually going to replace it by means of natural obsolescence.
SCNR is much faster, consumes fewer resources and provides more and better interfaces to interact with the scanner engine in the form of a Ruby API, CLI, REST and WebUI.
In the spirit of being open and honest about things, SCNR is currently closed source (or close enough) and released as time-trial packages, for the time being.
This is because it’s still a work in progress (call it beta) and its future is still to be determined, as due to its versatility, its place in the market is still a bit uncertain.
You are however welcome to give it a try and enjoy an insight into the — and I hope I’m not biting off more than I can chew here — next generation of DAST software!
You can easily install it with:
bash -c "$(curl -sSL https://get.ecsypno.com/scnr)"
Currently, there is only one package (updated regularly) and it’s for 64-bit Linux distributions.
For more information about what makes it special, please consult the documentation and, should you run into any trouble, feel free to visit our support portal.
Performance
Here’s an idea of how SCNR does vs plain old Arachni (all scans were performed with default configurations).
| http://testhtml5.vulnweb.com | Duration | HTTP requests | HTTP requests per second | Browser jobs | Seconds per browser job |
|---|---|---|---|---|---|
| Arachni | 00:12:43 | 20,486 | 31 | 508 | 4.764 |
| SCNR | 00:02:41 | 5,774 | 30 | 192 | 1.215 |
For more info and a brief history see:
- SCNR Documentation
- New engine and Pro preview package
- Benchmark: Arachni vs SCNR
- Benchmark: Arachni vs SCNR resource usage
Qadron
Qadron is the F/OSS organization of Ecsypno and is where our public R&D takes place.
It houses projects used to support our closed source/commercial products and I’m sure some of the stuff in there will be of great help to many others.
Some are esoteric, others novel, but all can be significantly useful when building powerful distributed applications.
Epilogue
These are the basics, I think we’ve properly dispensed with the formalities and major issues for now.
More details about each project will be announced and displayed as we move forward.
Thank you all for your time.
Kind regards,
Tasos L.